Need to Know: Cybersecurity and Pro Audio

Even when artists recorded in a single room, with a single producer and master tapes locked up by the label, there was theft, which today we call piracy. Even at a top-selling concert, with an all-analog signal chain, there were bootlegs made, later to be sold. The human factor in the entertainment media security chain hasn’t really changed, but today there are far more points of access and far more ways to pilfer a project.

Until recently, the main focus on security of media and media assets in the digital age involved the distribution chain, whether a song, movie or live performance. Over the past five years, highlighted by well publicized hacks of Sony, HBO and others (and there are many, many others that are not reported, experts agree), the emphasis is shifting to the production and post-production chains.

Consider how many points of contact a typical song, motion picture or television show might have during its life, from concept to distribution. Files are created by writers and turned into demos at home, then sent as WAV files to editors, then to mixers, marketers, distributors, and finally sent by email to producers on laptops for song approval. Multiply that by ten for an album, by 100 for a feature film. Then add Dropbox, Google Drive, Hightail or straight-up email. The number of points of contact—and potential security breaches—rise exponentially.

For now, on a production level, most organizations seem to be dealing with cybersecurity through file encryption of stored data, or “data at rest” (not moving through a network). The MPAA requires studios and vendors that touch elements to have procedures in place to deal with encryption at rest. Twelve years ago, NBCUniversal consulted Fortium, a UK company specializing then in email and corporate security, to learn about its practices.

“[NBCUniversal] had identified an area in post-production where they had large volumes of content being edited in the clear,” recalls Mathew Gilliat-Smith, CEO of Fortium. “They had an MPAA audit checking their systems and they were pretty good, except for a small hole in post-production picture and sound editing. That’s where our MediaSeal product got going.”

MediaSeal handles files at the kernel level, the operating system level, so that the Fortium system remains file-agnostic and can work in Adobe Premiere, Avid, Aspera, Object Matrix or any other platform. “Any security system is about ease of use,” Gilliat-Smith says. “There’s a psychological gap with people taking a different step to what they normally do. Our job was to make it easy to use and simple to integrate into any workflow.”

In the ensuing 12 years, Gilliat-Smith notes, some headway has been made in preventive measures, though most facilities, organizations and individuals continue to react only after a crisis.

Meanwhile, the boom in networked AV systems has given rise to entirely new levels of concern in the venues and performance spaces of the future. Dante, AVB and AES67 interoperability protocols all tout military-grade security, and they are effective. But as has been proven time and again over the last five years, across all industries, nobody is totally secure.

As Benson Chan, a senior consultant at Strategy of Things, wrote in January in advance of ISE: “A new generation of AV systems is coming to market. Powered by such emerging technologies as IoT and AI, these systems promise to bring disruptive change. At the same time, these systems pose significant cybersecurity risks.… In many corporate environments, AV and IT are still separate organizations responsible for their respective systems. IoT technologies can fall into a ‘no-man’s-land,’ with no single organization that is responsible for it. In a network, AV cybersecurity vulnerabilities don’t fall into neat organizational boundaries. Hackers look for any point of entry, whether it is on the AV, IoT or IT side. AV cybersecurity is not AV’s problem, or IT’s problem. It’s everyone’s problem.”

Sobering thoughts indeed, though it drives home the message that security is only as strong as the weakest link in the chain.

Tom Kenny is content director of Mix magazine.

Need to Know More? Do you have a burning question about cybersecurity? Or maybe there's a particular topic you'd like to see us tackle in future installments of Need to Know. Email us at needtoknow@futurenet.com and we’ll put our top minds on it!

By Michael Garwood. AI is fueled by data, which can come in many different forms for many different uses. On its own, that data may not seem useful. However, contained within it could be the difference between success and failure (profit and loss). This is where AI comes into play, where a machine may be able to do the job of a human.